Thousands of files containing details of US intelligence operatives with Top Secret clearance have been breached.

The 9,402 documents were found on an unsecure Amazon server without the protection of a password.

The files, discovered this summer by a security analyst at the California-based cyber security firm UpGuard, were found in a folder called 'resumes'.

They contained the CV of thousands of Americans currently in jobs in the US Department of Defense and the US intelligence community.

They included information such as their home addresses, phone numbers, work history and email addresses, as well as more sensitive information including security clearances, driver's license numbers, passport numbers and at least partial social security numbers.

According to UpGuard, at least one of the applicants claimed he was charged with the transportation of nuclear activation codes and weapons components.

In response private security firm TigerSwan said it took information security 'very seriously', found the exposure 'inexcusable' and planned to investigate how the data came to be publicly exposed.

The documents have been traced back to TigerSwan, a private security firm based in North Carolina

Other documents revealed sensitive and personal details about Iraqi and Afghan nationals who have cooperated and worked alongside US military forces in their home countries, Gizmodo reported.

Between 15 and 20 applicants reportedly meet this criteria. They may now be endangered by the disclosure of their personal details.

One applicant described his employment as a 'warden advisor' at the Abu Ghraib black site near Baghdad, where prisoners are known to have been tortured.

RELATED ARTICLES

Share this article

Share

Another applicant reportedly said he was involved in 'enhancing evidence' against Iraqi insurgents during the war.

The breach also includes details of a former United Nations worker in the Middle East, a parliamentary security officer in Eastern Europe, an active Secret Service agent, a Central African logistical expert, an ex-soldier tasked with providing security in war zones for TV news crews and a police chief in a southern state.

In addition to this, the details of an Army officer tasked not only with finding WMDs in post-invasion Iraq, but with escorting a major US journalist on the hunt have been breached, as well as military and police trainers in Iraq, Afghanistan, Georgia, Liberia, Ukraine, and the Democratic Republic of Congo.

The 9,402 documents (including this CV) were found on an unsecure Amazon server without the protection of a password

The documents have been traced back to TigerSwan, a private security firm based in North Carolina. The company was set up in 2007 by retired US Army Lt. Colonel and Delta Force operator James Reese.

It has worked on behalf of the US military and State Department as a paramilitary force in Iraq and Afghanistan, as well as domestically on behalf of corporations.

It employs around 350 people across 46 countries with offices in the Middle East, North and West Africa, Latin America, and Japan.

But in a statement TigerSwan pinned the blame on TalentPen, a third-party vendor they use to sift through new job applications.

The firm said: 'At no time was there ever a data breach of any TigerSwan server.

'All resume files in TigerSwan's possession are secure. We take seriously the failure of TalentPen to ensure the security of this information and regret any inconvenience or exposure our former recruiting vendor may have caused these applicants. TigerSwan is currently exploring all recourse and options available to us and those who submitted a resume.

'This is a regrettable experience and we are re-evaluating our vendor selection processes and their data management practices as a result.'

Mr Reese said: 'We take information security very seriously, especially in this instance, because a majority of the resume files were from veterans. As a Service-Disabled, Veteran-Owned Small Business, we find the potential exposure of their resumes inexcusable. To our colleagues and fellow veterans, we apologize. The situation is rectified and we have initiated steps to inform the individuals affected by this breach.'

This CV of an American with '20+ years military experience' was one of the 9,400 breached

TalentPen could not be immediately reached for comment.

UpGuard said: 'The incident again underscores the importance of qualifying the security practices of vendors who are handling sensitive information.

'While criminals could use the deep knowledge of work experience and personal details for anything from identity theft to one of the phishing scams known to specifically target veterans, the value of this database to foreign intelligence agencies if they were to access it is not insignificant.

'The presence of extremist sympathizers in western nations makes the prospect of publicly exposed Iraqi and Afghan nationals that much more alarming.'